AMENDMENTS TO THE CLAIMS:



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1. (currently amended) A method for establishing a secure network connection
between a client platform web browser and a service, said client having resources
including a web browser having with a virtual machine, and knowing and trusting said
web browser having access to a first public key, said client web browser and virtual
machine being of the type that downloads and executes applets while protecting against
at least some of said client resources from being updated based on said applet execution,
said method comprising:

establishing an insecure network connection with said client web browser;

downloading, over said insecure connection, at least one digitally signed applet to
the client platform web browser, said at least one applet comprising including: (a) a
second key, (b) code that is executable on the client platform virtual machine to cause the
client platform to store a second public key, and (c) code executable on the client virtual
machine to use the stored second key establish a secure network connection with said
service; that allows authentication between the client platform and the service;

before the client platform virtual machine executes the digitally signed applet,
verifying the digitally signed applet at the client platform using the first public key the
client platform already knows and trusts;

executing the downloaded applet code with the client platform virtual machine,
thereby causing the client platform to store a second public key corresponding to the
service; and

further executing said at least one applet to cause said at least one applet to use
using the stored second public key to authenticate the service and establish the secure
network connection with the service.

2. (currently amended) The method of claim 1 wherein the applet includes a
second public key payload and further includes first program code that controls the client
platform to store the second public key to a non-volatile memory.

3. (previously presented) The method of claim 2 wherein the non-volatile memory 
comprises a disk. 

4. (currently amended) The method of claim 2 wherein the applet further includes
second program code that controls the client platform to use the stored second public key
to verify a signature subsequently provided by the server.

5. (currently amended) The method of claim 1 wherein the applet further includes
program code that controls the client platform to use the stored second public key to
verify a signature subsequently provided by the server.

6. (currently amended) The method of claim 1 wherein the executing step includes
controlling the client platform virtual machine to store, at the client, a second public key
in the form of a digital certificate corresponding to the server, and the using further
executing step comprises receiving a digital signature from the server, and authenticating
the received digital signature under control of the executing applet through use of the
stored digital certificate corresponding to the server.

7. (currently amended) The method of claim 1 wherein the using further executing
step includes having the executing applet invoke a further applet to establish a secure
connection.

8. (currently amended) The method of claim 1 wherein the applet comprises a
signed Archive containing a digital certificate corresponding to the server, and a program
fragment that stores the digital certificate in a predetermined location on the client
platform that permits the client platform to later retrieve the stored digital certificate.

9. (currently amended) A client platform web browser for establishing a secure
network connection with a service over a network, said client platform having web
browser including a virtual machine and knowing and trusting a first public key, said
client web browser and virtual machine being of the type that download and execute
applets while protecting against at least some of said client resources from being updated
by said applet execution, said client platform comprising:

an applet receiver that receives a at least one digitally signed applet from the
service over the an insecure network connection, said at least one applet including: (a) a
key, (b) code executable on the client virtual machine to cause the client to store the key,
and (c) code executable on the client virtual machine to establish a secure network
connection with said service, said applet being executable executed by the client platform
virtual machine to cause the client platform to store a second the public key delivered with
the applet, the stored key allowing that allows authentication between the client platform
and the service;

wherein the client platform virtual machine web browser includes an applet verifier
that, before executing the applet, verifies the digitally signed applet using a first public
key the client platform already knows and trusts key different from the key delivered with
the applet;

wherein the client platform virtual machine further includes an applet executor
that executes the applet, thereby controlling the client platform to store a second
public the key delivered with the applet, said delivered key corresponding to the server,
and uses the stored delivered second public key to authenticate the service server and
establish the a secure network connection between the client and the server.

10. (currently amended) A method for establishing a secure network connection
with a client web browser, said client platform virtual machine web browser including a
virtual machine, said client web browser and virtual machine being of the type that
download and execute applets while protecting at least some of client resources from
being affected by said applet execution, the method comprising:

downloading, over an insecure network connection, an at least one executable
applet to the client platform virtual machine, said at least one applet including: (a) a
further key corresponding to the server, (b) code executable on the client virtual machine
to cause the client to store the further key corresponding to the server, and (c) code
executable on the client virtual machine to establish a secure network connection with
said server, the digitally signed applet being digitally signed such that the client platform
virtual machine can verify the digitally signed applet using a first public key the client
platform already knows and trusts possesses before said downloading, the at least one
digitally signed applet including a the second public further key and code executable by
the client platform virtual machine that controls the client platform virtual machine to
store the second public key on the client platform further key;

sending a digital credential to the client, said digital credential being verifiable by
the client platform applet using the stored second public further key delivered with the at
least one applet; and

establishing a secure network communication with the executing client applet
based on said digital credential as verified by the client applet.

11. (currently amended) The method of claim 10 wherein the applet code controls
the client platform to store the second public further key to a non-volatile memory.

12. (previously presented) The method of claim 11 wherein the non-volatile
memory comprises a disk.

13. (currently amended) The method of claim 10 wherein the applet further
includes further code that controls the client platform to use the stored second
public further key to verify the digital credential.

14. (currently amended) The method of claim 10 further including sending a
further applet to the client platform in response to an invocation of the further applet by
at least one applet.

15. (currently amended) The method of claim 10 wherein the applet comprises a
signed Archive containing a digital certificate, and a program fragment that stores the
digital certificate in a predetermined location on the client platform that permits the client
platform to later retrieve the stored digital certificate.

16. (currently amended) A server for establishing a secure network connection
with a client web browser over a network, said client having resources including the web
browser and a virtual machine and knowing and trusting a first public key, said client
web browser and virtual machine being of the type that download and execute applets
while protecting at least some of said client resources from being affected by said applet
execution, said server comprising:

an applet transmitter that transmits a at least one digitally signed applet to the
client over the an insecure network connection, the at least one applet being digitally
signed using the a first public key the client already knows and trusts possesses
independently of the applet, said at least one applet including: (a) a second key
corresponding to the server, (b) code executable on the client virtual machine to cause the
client to store the second key, and (c) code executable on the client virtual machine to
establish a secure network connection with said server, the applet being executable by the
client virtual machine to control the client to store the a second public key corresponding
to the server; and

a digital credential transmitter that transmits a digital credential to the client
executing the applet, the digital credential being authenticatable by the client using the
second public key; and

a secure network connector that establishes a secure network connection with the
client under control of the executing applet and based at least in part on the digital
credential being authenticated by the second key delivered over the insecure network
connection.

17. (currently amended) A method for establishing a secure network connection
between a server and a web browser having access to a first, trusted public key and also
having a virtual machine, said web browser and virtual machine downloading and
executing applets while protecting resources from being updated by said applet
execution, said method comprising:

downloading to the browser over an insecure network connection, an at least one
digitally signed applet including executable code from the server to the browser, the
applet including: (a) a second public key associated with the server, (b) code executable
on the client virtual machine to cause the client to store the second key, and (c) code
executable on the client virtual machine to establish a secure network connection with
said server;

verifying the digitally signed applet at the browser using the first public key;






NIXON & VANDERHYE PC3 Fax:703-816-4100 Jul 28 2004 10:06 P. 1 2 

SALOWEY 
Appl. No. 09/524,272 
July 12, 2004 

executing the applet with the virtual machine to cause the client to store the second
public key into a certificate store associated with the browser in response to the verifying;

using the stored second public key to authenticate the a further credential delivered
by the server; and

based on said authentication of said further credential, establishing, under control
of the executing applet a secure network connection between the web browser and the
server.

18. (previously presented) A method as in claim 17 wherein the applet comprises 
an archive. 
